6.9
CVE-2010-0393
- EPSS 0.32%
- Veröffentlicht 05.03.2010 19:30:00
- Zuletzt bearbeitet 16.06.2026 23:16:04
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.32% | 0.235 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.9 | 3.4 | 10 |
AV:L/AC:M/Au:N/C:C/I:C/A:C
|
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://support.apple.com/kb/HT4077
http://www.mandriva.com/security/advisories?name=MDVSA-2010:072
http://www.mandriva.com/security/advisories?name=MDVSA-2010:073
http://security.gentoo.org/glsa/glsa-201207-10.xml
http://www.ubuntu.com/usn/USN-906-1
http://www.cups.org/str.php?L3482
http://www.securityfocus.com/bid/38524
https://bugzilla.redhat.com/show_bug.cgi?id=558460